LMS | News

Moodle Tackles LMS Security Vulnerabilities

Moodle's developers have released an update to the popular open source learning management system. The latest Moodle 2.0.2 and 1.9.11 releases address several major security vulnerabilities and also include some bug fixes and performance enhancements.

Moodle 2.0.2 tackles seven security flaws from the 2.0.1 release that developers characterized as "major," including cross-site scripting vulnerabilities, a cross-site request forgery issue, and potential issues involving disclosure of information. The 1.9 branch update only addresses three vulnerabilities--two related to cross-site scripting and one related to potential information disclosure.

In addition to security fixes, Moodle 2.0.2 includes dozens of other fixes and improvements, including performance enhancements and fixes to various minor issues with wikis, SCORM, saving, course backup, and assessments.

Outside of security issues, version 1.9.11 included only five bug fixes. Those were in areas of Google Chrome support for Moodle's HTML editor, time in reports and logs exported to Excel, and a few other minor problems.

Moodle 2.0.2 and Moodle 1.9.11 are both available now as free downloads from the Moodle site. Further details on the 2.0.2 update can be found here. Details on the 1.9.11 update can be found here. Direct downloads are available here.

About the Author

Executive Producer David Nagel heads up the editorial department for 1105 Media's education publications — which include two daily sites, a variety of newsletters and two monthly digital magazines covering technology in both K-12 and higher education.

A 21-year publishing veteran, Nagel has led or contributed to dozens of technology, art and business publications.

He can be reached at dnagel@1105media.com. You can also connect with him on LinkedIn at linkedin.com/profile/view?id=10390192 or follow him on Twitter at @THEJournalDave (K-12) or @CampusTechDave (higher education). A selection of David Nagel's articles can be found on this site.

comments powered by Disqus